OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-services message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [security-services] Groups-draft-sstc-solution-profile-soap-02.pdfuploaded

Scott Cantor <cantor.2@osu.edu> wrote on 02/10/2004 11:34:33 AM:

> >Perhaps there isn't a need for every single authentication mechanism to
> have
> >its own profile, but we need to make sure we can support these mechanisms
> >when used with SAML. We are proposing a profile of how WSS can be used with
> >SAML.
> Let me clarify my point a little...I'm asking what is special about securing
> the SAML request/response protocol with WSS as opposed to any other
> SOAP-bound req/resp protocol. I don't see anything specific to SAML
> involved.

I agree that there is a significant subset(superset?) of what we are talking about that applies generally no matter what authentication mechanism is used.

> Secondarily, the SOAP client "profile" as we're calling it now, is a
> different beast. It's a specific use case in which the SAML protocol is
> bound to SOAP because all the parties speak it. I see no clear reason why
> WSS has to be part of that "profile" discussion in the sense that it's
> orthogonal. Not that it's not applicable or relevant, simply a different
> layer.

Perhaps part of the confusion is, as has been pointing out previously by Rich Salz and yourself, the lack of consistent use of the terms profile, binding, and protocol. We are just trying to make sure that the SAML protocols/bindings/profiles are factored in a way that enables and appropriately leverages use of WSS in a SOAP Binding/Profile or whatever you want to call it.



[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]